I’m still trying things out in Postman at the moment. These’s a nifty feature in there that automatically constructs the Authorization header given my app secret and token.

The /oauth/request_token is successful, and I’m able to get a oauth_token and oauth_token_secret.

But I’ve been stuck at the next call/oauth/authenticate (or /oauth/authorize ? What’s the difference ?). I’m sending a GET request to /oauth/authenticate?oauth_token=from_prev_response, with postman inserts the Authorize header.